A computer network is a collection of interconnected computing devices that can exchange data and share resources. In a packet-based network, the computing devices communicate data by dividing the data into small blocks called packets. For example, a service provider network may provide subscriber devices access to other private or public networks, such as the Internet. Certain devices within the service provider network, such as routers, maintain routing information that describes routes through the service provider network. In this way, the packets may be individually routed across the service provider network from a source device to a destination device. The destination device extracts the data from the packets and assembles the data into its original form.
A system administrator may make use of an analyzer device within the service provider network to monitor network traffic. In general, an analyzer device is a tool that captures data from a network and presents the data to a user. The analyzer device typically allows an authorized user to browse the captured data and view summary and detail information for each packet. Accordingly, the authorized user can view the network traffic flowing between devices on the service provider network. For example, the authorized user of the network analyzer may be a Law Enforcement Agency (LEA).
In some cases, a LEA may require the system administrator to mirror network traffic flowing to and from one or more designated subscriber devices. The original network traffic is routed across the service provider network as usual while a mirrored version of the network traffic is forwarded for analysis. The term “lawful intercept” is used to describe the process by which LEAs conduct electronic surveillance of packet-based communications as authorized by a judicial or administrative order. Increasingly, legislation and regulations are being adopted that require public and private service providers to support authorized electronic surveillance. This increase is due in part to the increased use of computer networks for real-time voice communications using, for example, Voice over IP (VoIP).
In some cases, lawful intercept of network traffic may be enabled on a specific interface of a network device within the service provider network via a command line interface (CLI). However, this technique may become difficult as the amount of network traffic and the number of network devices increase. Moreover, activating lawful intercept on a specific interface of the network device may not work well in environments where subscribers log in and log out frequently. In other cases, an authentication device, such as a Remote Authentication Dial-In User Service (RADIUS) device, connected to a network device within a service provider network may enable lawful intercept of network traffic for a specific subscriber to the network device. However, some service providers do not use external authentication devices to authenticate their subscriber logins. Furthermore, some service providers may not have access to the authentication device connected to the network device.